CVE-2023-31041

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 14, 2023

Updated: Aug 24, 2023

CWE ID 312

Summary

CVE-2023-31041 is a vulnerability affecting SysPasswordDxe in Insyde's InsydeH2O, impacting kernel versions 5.0 to 5.5. This issue allows system password information to be stored in plaintext, increasing the risk of unauthorized access and information disclosure. The cleartext storage of passwords is an optional feature, but if enabled, it could pose a significant security concern. Users are advised to update their systems as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

InsydeH2O

Affected Vendors

Insyde Software

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sSe_Ts
https://www.cve.org/CVERecord?id=CVE-2023-31041
https://nvd.nist.gov/vuln/detail/CVE-2023-31041

Back to Vulnerability Database